diff mbox series

[3/4] trusted-firmware-m: set CVE product and version for mbedtls

Message ID 20231019105552.3631582-4-mikko.rapeli@linaro.org
State New
Headers show
Series RFC: detect CVEs from embedded mbedtls | expand

Commit Message

Mikko Rapeli Oct. 19, 2023, 10:55 a.m. UTC
Enables detecting CVEs in embedded mbedtls:

WARNING: trusted-firmware-m-1.8.1-r0 do_cve_check: Found unpatched CVE
(CVE-2023-43615 CVE-2023-45199)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 .../trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc         | 2 +-
 meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc  | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc
index f7e202ad..8230acef 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc
@@ -28,7 +28,7 @@  SRCREV_tfm = "53aa78efef274b9e46e63b429078ae1863609728"
 # TF-Mv1.8.1
 SRCBRANCH_tfm-tests ?= "master"
 SRCREV_tfm-tests = "1273c5bcd3d8ade60d51524797e0b22b6fd7eea1"
-# mbedtls-3.4.1
+CVE_VERSION_mbed_tls = "3.4.1"
 SRCBRANCH_mbedtls ?= "master"
 SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
 # mcuboot v1.10.0
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
index 1747c654..a21f61df 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
+++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
@@ -8,6 +8,8 @@  DESCRIPTION = "Trusted Firmware-M"
 HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git"
 PROVIDES = "virtual/trusted-firmware-m"
 
+CVE_PRODUCT += "mbed_tls"
+
 UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$"
 
 # Note to future readers of this recipe: until the CMakeLists don't abuse